Retention of a foreign dataset

(section 17 of IC Act)

What does it authorize?

A foreign dataset is one that contains personal information predominantly related to non‑Canadians who are outside of Canada or to non-Canadian companies.

With authorization from the Director of CSIS, CSIS may retain and use personal information about non-Canadians and persons not in Canada, even if that information is not immediately and directly related to activities that represent a threat to the security of Canada.

Why is it required?

After collecting a foreign dataset, CSIS cannot retain the dataset without a ministerial authorization issued by the Director. Approval of the authorization by the IC provides additional oversight, helping to ensure that the datasets retained by CSIS are in fact foreign datasets and do not contain information about Canadians or persons in Canada.

Why is the IC's role important?

The IC's review helps to ensure that CSIS has taken appropriate measures to delete any Canadian-related information, and is not retaining information that relates to the physical or mental health of an individual that a person would reasonably expect to remain private.

How does CSIS obtain it?

CSIS officials provide an application for retention of the foreign dataset to the Director. The application includes a description of the origin of the dataset, what it contains and how it was evaluated. To authorize the retention of the dataset, the Director must conclude that the dataset is indeed a foreign dataset; that its retention is likely to assist CSIS in the performance of its duties and functions; and that CSIS has destroyed any information relating to a Canadian or a person in Canada, as well as any information about the physical or mental health of an individual that a person would reasonably expect to remain private.